This topic describes how to use custom resource definitions (CRDs) to collect Kubernetes container logs in the Sidecar mode.

Prerequisites

The Helm package alibaba-log-controller is installed. For more information, see Install Logtail.

Overview

In the Sidecar mode, the Logtail container shares the log directory with application containers in a pod. The application containers write logs to the shared directory and the Logtail container monitors the changes of log files in the shared directory and collects logs. For more information, vist Sidecar container with a logging agent and How pods manage multiple containers.

Step 1: Install Sidecar

The following example is a configuration template for log collection in the Sidecar mode: 
apiVersion: batch/v1
kind: Job
metadata:
  name: nginx-log-sidecar-demo
  namespace: default
spec:
  template:
    metadata:
      name: nginx-log-sidecar-demo
    spec:
      restartPolicy: Never
      containers:
      - name: nginx-log-demo
        image: registry.cn-hangzhou.aliyuncs.com/log-service/docker-log-test:latest
        command: ["/bin/mock_log"]
        args: ["--log-type=nginx", "--stdout=false", "--stderr=true", "--path=/var/log/nginx/access.log", "--total-count=1000000000", "--logs-per-sec=100"]
        volumeMounts:
        - name: nginx-log
          mountPath: /var/log/nginx
      ##### logtail sidecar container
      - name: logtail
        # more info: https://cr.console.aliyun.com/repository/cn-hangzhou/log-service/logtail/detail
        # this images is released for every region
        image: registry.cn-hangzhou.aliyuncs.com/log-service/logtail:latest
        # when recevie sigterm, logtail will delay 10 seconds and then stop
        command:
        - sh
        - -c
        - /usr/local/ilogtail/run_logtail.sh 10
        livenessProbe:
          exec:
            command:
            - /etc/init.d/ilogtaild
            - status
          initialDelaySeconds: 30
          periodSeconds: 30
        resources:
          limits:
            memory: 512Mi
          requests:
            cpu: 10m
            memory: 30Mi
        env:
          ##### base config
          # user id
          - name: "ALIYUN_LOGTAIL_USER_ID"
            value: "${your_aliyun_user_id}"
          # user defined id
          - name: "ALIYUN_LOGTAIL_USER_DEFINED_ID"
            value: "${your_machine_group_user_defined_id}"
          # config file path in logtail's container
          - name: "ALIYUN_LOGTAIL_CONFIG"
            value: "/etc/ilogtail/conf/${your_region_config}/ilogtail_config.json"
          ##### env tags config
          - name: "ALIYUN_LOG_ENV_TAGS"
            value: "_pod_name_|_pod_ip_|_namespace_|_node_name_|_node_ip_"
          - name: "_pod_name_"
            valueFrom:
              fieldRef:
                fieldPath: metadata.name
          - name: "_pod_ip_"
            valueFrom:
              fieldRef:
                fieldPath: status.podIP
          - name: "_namespace_"
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
          - name: "_node_name_"
            valueFrom:
              fieldRef:
                fieldPath: spec.nodeName
          - name: "_node_ip_"
            valueFrom:
              fieldRef:
                fieldPath: status.hostIP
        volumeMounts:
        - name: nginx-log
          mountPath: /var/log/nginx
      ##### share this volume
      volumes:
      - name: nginx-log
        emptyDir: {}
  1. Log on to your Kubernetes cluster.
  2. Configure the following basic parameters for log collection.
    ##### base config
          # user id
          - name: "ALIYUN_LOGTAIL_USER_ID"
            value: "${your_aliyun_user_id}"
          # user defined id
          - name: "ALIYUN_LOGTAIL_USER_DEFINED_ID"
            value: "${your_machine_group_user_defined_id}"
          # config file path in logtail's container
          - name: "ALIYUN_LOGTAIL_CONFIG"
            value: "/etc/ilogtail/conf/${your_region_config}/ilogtail_config.json"
    Parameter Description
    ${your_region_config} The ID of the region and the type of the network where your project resides. For more information, see Table 1.
    • If your project resides in the Internet, the parameter value is in the region-internet format, for example, cn-hangzhou-Internet.
    • If your project resides in the Alibaba Cloud internal network, the parameter value is in the region format, for example, cn-hangzhou.
    ${your_aliyun_user_id} The ID of your Alibaba Cloud account. For more information, see Obtain the account ID.
    ${your_machine_group_user_defined_id} The custom identifier of your machine group. The identifier must be unique in the region where your project resides. For more information, see Create a custom ID-based machine group.
  3. Configure the mount path of logs.
    volumeMounts:
- name: nginx-log
mountPath: /var/log/nginx
    • The Logtail container and application containers in a pod must share the same directory.
    • We recommend that you mount an emptyDir volume on the containers.
  4. Configure the delay for stopping log collection.
    In most cases, the delay for stopping log collection is 10 seconds. This value indicates that the Logtail container stops collecting logs 10 seconds after it receives a stop command. This delay prevents incomplete data collection. 
    command:        
- sh        
- -c        
- /usr/local/ilogtail/run_logtail.sh 10

Step 2: Configure log collection

You can configure an AliyunLogConfig CRD to collect logs. The following script shows how to configure a CRD. To delete log collection configurations, delete the corresponding CRD. 
apiVersion: log.alibabacloud.com/v1alpha1      ## The default setting, which you do not need to modify.
kind: AliyunLogConfig                          ## The default setting, which you do not need to modify.
metadata:
  name: simple-stdout-example                  ## The resource name, which must be unique in the cluster.
spec:
  project: k8s-my-project                      ## The name of a project. If you do not specify this parameter, logs are sent to the project that is configured when you installed Log Service components on the cluster.
  logstore: k8s-stdout                         ## The Logstore name. A Logstore is automatically created if the specified Logstore does not exist.
  machineGroups: ## The name of the machine group. Set the value to the ${your_machine_group_user_defined_id} value in the Sidecar configurations. The Sidecar and CRD are associated by using this configuration.
  - nginx-log-sidecar
  shardCount: 2                                ## Optional. The number of Logstore shards. Valid values: 1 to 10. Default value: 2.
  lifeCycle: 90                                ## Optional. The retention period of log data in the Logstore. Valid values: 1 to 7300. Default value: 90. Unit: days. The value 7300 indicates that log data is permanently stored in the Logstore.
  logtailConfig:                               ## The Logtail configurations.
    inputType: plugin                          ## The type of the data source from which data is collected. Only text logs can be collected.
    configName: simple-stdout-example          ## The name of the Logtail configuration file. This name must be the same as the resource name that is specified by the metadata.name parameter.
    inputDetail:                               ## The detailed Logtail configurations for log collection. For more information, see the examples.
    ...

In the Sidecar mode, only text logs can be collected. The value of the dockerFile parameter must be set to false.

For more information about the logtailConfig parameter, see Logtail configuration.

After the configuration file is created, the Logtail container collects and uploads logs to Log Service. You can log on to the Log Service console to view the logs.

Example

The following example shows how to use a CRD to collect logs in the Sidecar mode from a user-created on-premises Kubernetes cluster. The project that is created in Log Service for log collection resides in the China (Hangzhou) region. Logs are collected over the Internet. The volume that is mounted on the /var/log/nginx directory of the nginx-log-demo and Logtail containers is an emptyDir volume named nginx-log.

  1. Install Sidecar.
    apiVersion: batch/v1
kind: Job
metadata:
  name: nginx-log-sidecar-demo
  namespace: default
spec:
  template:
    metadata:
      name: nginx-log-sidecar-demo
    spec:
      restartPolicy: Never
      containers:
      - name: nginx-log-demo
        image: registry.cn-hangzhou.aliyuncs.com/log-service/docker-log-test:latest
        command: ["/bin/mock_log"]
        args: ["--log-type=nginx", "--stdout=false", "--stderr=true", "--path=/var/log/nginx/access.log", "--total-count=1000000000", "--logs-per-sec=100"]
        volumeMounts:
        - name: nginx-log
          mountPath: /var/log/nginx
      ##### logtail sidecar container
      - name: logtail
        # more info: ttps://cr.console.aliyun.com/repository/cn-hangzhou/log-service/logtail/detail
        # this images is released for every region
        image: registry.cn-hangzhou.aliyuncs.com/log-service/logtail:latest
        # when recevie sigterm, logtail will delay 10 seconds and then stop
        command:
        - sh
        - -c
        - /usr/local/ilogtail/run_logtail.sh 10
        livenessProbe:
          exec:
            command:
            - /etc/init.d/ilogtaild
            - status
          initialDelaySeconds: 30
          periodSeconds: 30
        env:
          ##### base config
          # user id
          - name: "ALIYUN_LOGTAIL_USER_ID"
            value: "xxxxxxxxxx"
          # user defined id
          - name: "ALIYUN_LOGTAIL_USER_DEFINED_ID"
            value: "nginx-log-sidecar"
          # config file path in logtail's container
          - name: "ALIYUN_LOGTAIL_CONFIG"
            value: "/etc/ilogtail/conf/cn-hangzhou-internet/ilogtail_config.json"
          ##### env tags config
          - name: "ALIYUN_LOG_ENV_TAGS"
            value: "_pod_name_|_pod_ip_|_namespace_|_node_name_|_node_ip_"
          - name: "_pod_name_"
            valueFrom:
              fieldRef:
                fieldPath: metadata.name
          - name: "_pod_ip_"
            valueFrom:
              fieldRef:
                fieldPath: status.podIP
          - name: "_namespace_"
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
          - name: "_node_name_"
            valueFrom:
              fieldRef:
                fieldPath: spec.nodeName
          - name: "_node_ip_"
            valueFrom:
              fieldRef:
                fieldPath: status.hostIP
        volumeMounts:
        - name: nginx-log
          mountPath: /var/log/nginx
      ##### share this volume
      volumes:
      - name: nginx-log
        emptyDir: {}
  2. Configure log collection.
    • Set the log path of access logs to /var/log/nginx/access.log and the destination Logstore to nginx-access. 
      # config for access log
apiVersion: log.alibabacloud.com/v1alpha1
kind: AliyunLogConfig
metadata:
  # your config name, must be unique in you k8s cluster
  name: nginx-log-access-example
spec:
  # project name to upload log
  project: k8s-nginx-sidecar-demo
  # logstore name to upload log
  logstore: nginx-access
  # machine group list to apply config, should be same with your sidecar' [ALIYUN_LOGTAIL_USER_DEFINED_ID]
  machineGroups:
  - nginx-log-sidecar
  # logtail config detail
  logtailConfig:
    # log file's input type is 'file'
    inputType: file
    # logtail config name, should be same with [metadata.name]
    configName: nginx-log-access-example
    inputDetail:
      # Set logType to common_reg_log.
      logType: common_reg_log
      # Specify the log path.
      logPath: /var/log/nginx
      # Specify the names of log files that you want to collect. You can include wildcard characters in the parameter value, for example, log_*.log.
      filePattern: access.log
      # Set the dockerFile parameter to false in the Sidecar mode.
      dockerFile: false
      # Use a regular expression to match the first line of a log entry. For single-line log entries, the value is set to .*
      logBeginRegex: '. *'
      # Use a regular expression to parse logs.
      regex: '(\S+)\s(\S+)\s\S+\s\S+\s"(\S+)\s(\S+)\s+([^"]+)"\s+(\S+)\s(\S+)\s(\d+)\s(\d+)\s(\S+)\s"([^"]+)"\s. *'
      # Specify the keys that you want to extract from logs.
      key : ["time", "ip", "method", "url", "protocol", "latency", "payload", "status", "response-size",user-agent"]
# config for error log
    • Set the log path of error logs to /var/log/nginx/error.log and the destination Logstore to nginx-error. 
      # config for error log
apiVersion: log.alibabacloud.com/v1alpha1
kind: AliyunLogConfig
metadata:
  # your config name, must be unique in you k8s cluster
  name: nginx-log-error-example
spec:
  # project name to upload log
  project: k8s-nginx-sidecar-demo
  # logstore name to upload log
  logstore: nginx-error
  # machine group list to apply config, should be same with your sidecar' [ALIYUN_LOGTAIL_USER_DEFINED_ID]
  machineGroups:
  - nginx-log-sidecar
  # logtail config detail
  logtailConfig:
    # log file's input type is 'file'
    inputType: file
    # logtail config name, should be same with [metadata.name]
    configName: nginx-log-error-example
    inputDetail:
      # Set logType to common_reg_log.
      logType: common_reg_log
      # Specify the log path.
      logPath: /var/log/nginx
      # Specify the names of log files that you want to collect. You can include wildcard characters in the parameter value, for example, log_*.log.
      filePattern: error.log
      # Set the dockerFile parameter to false in the Sidecar mode.
      dockerFile: false